Edit max_conns in Kubernetes ingress Nginx?

2/7/2018

I'm trying to limit the number of concurrent connections to servers in my Nginx ingress.

Is max_conns supported in Nginx ingress? How can I edit or add it?

max_conns=number limits the maximum number of simultaneous active connections to the proxied server (1.11.5). Default value is zero, meaning there is no limit. If the server group does not reside in the shared memory, the limitation works per each worker process.

http://nginx.org/en/docs/http/ngx_http_upstream_module.html#upstream

Example of an Nginx conf using max_conns:

upstream backend {
    server backend1.example.com max_conns=3;
    server backend2.example.com;
}

Thanks

-- xFiler
kubernetes
kubernetes-ingress
nginx
nginx-reverse-proxy

2 Answers

2/7/2018

According to https://github.com/kubernetes/ingress-nginx/blob/master/docs/user-guide/annotations.md#rate-limiting, there are annotations for limiting the number of connections:

The annotations nginx.ingress.kubernetes.io/limit-connections, nginx.ingress.kubernetes.io/limit-rps, and nginx.ingress.kubernetes.io/limit-rpm define a limit on the connections that can be opened by a single client IP address. This can be used to mitigate DDoS Attacks.

nginx.ingress.kubernetes.io/limit-connections: number of concurrent connections allowed from a single IP address.

nginx.ingress.kubernetes.io/limit-rps: number of connections that may be accepted from a given IP each second.

nginx.ingress.kubernetes.io/limit-rpm: number of connections that may be accepted from a given IP each minute.

You would need to add these annotations in your Ingress rule.

-- Javier Salmeron
Source: StackOverflow

2/8/2018

So, what needed to be done in order to add max_conns (or any other parameter that is not supported by the ingress configmap) is to change the template.

Changing the template /etc/nginx/template/nginx.tmpl like this:

upstream {{ $upstream.Name }} {
    # Load balance algorithm; empty for round robin, which is the default
    {{ if ne $cfg.LoadBalanceAlgorithm "round_robin" }}
    {{ $cfg.LoadBalanceAlgorithm }};
    {{ end }}

    {{ if $upstream.UpstreamHashBy }}
    hash {{ $upstream.UpstreamHashBy }} consistent;
    {{ end }}

    {{ if (gt $cfg.UpstreamKeepaliveConnections 0) }}
    keepalive {{ $cfg.UpstreamKeepaliveConnections }};
    {{ end }}

    {{ range $server := $upstream.Endpoints }}server {{ $server.Address | formatIP }}:{{ $server.Port }} max_fails={{ $server.MaxFails }} fail_timeout={{ $server.FailTimeout }} max_conns=1;
    {{ end }}
}

(you can get the full file from the pod nginx-ingress-controller, just run bash on the pod and cat it) will do the trick. Now create a configmap with the local nginx.tmpl:

kubectl create configmap nginx-template --from-file=nginx.tmpl=/localpath/nginx.tmpl

And then mount a volume to the deployment with this yaml:

        volumeMounts:
          - mountPath: /etc/nginx/template
            name: nginx-template-volume
            readOnly: true
      volumes:
        - name: nginx-template-volume
          configMap:
            name: nginx-template
            items:
            - key: nginx.tmpl
              path: nginx.tmpl

  • I needed to restart my NGINX ingress manually, but I edited the ReplicationController because I didn't have a deployment (I guess it's because I'm on minikube)
-- xFiler
Source: StackOverflow
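
The template edit from the answer above, scripted as an added example (not the answerer's or the ingress-nginx project's code): it appends max_conns to the upstream server line of a local copy of nginx.tmpl and refuses to write output when that line is missing or already patched, a guard against template layouts that differ from the one in the answer. It assumes the unpatched line ends in `fail_timeout={{ $server.FailTimeout }};` as in the answer's snippet; `sample_template` and `add_max_conns` are hypothetical names and the sample template is constructed.

```bash
#!/usr/bin/env bash
# Added example, not from the answer or the ingress-nginx project.

# Constructed sample: the answer's upstream block as it looks before the edit.
sample_template() {
cat <<'EOF'
upstream {{ $upstream.Name }} {
    {{ if (gt $cfg.UpstreamKeepaliveConnections 0) }}
    keepalive {{ $cfg.UpstreamKeepaliveConnections }};
    {{ end }}

    {{ range $server := $upstream.Endpoints }}server {{ $server.Address | formatIP }}:{{ $server.Port }} max_fails={{ $server.MaxFails }} fail_timeout={{ $server.FailTimeout }};
    {{ end }}
}
EOF
}

# add_max_conns SRC DST LIMIT
# Writes DST as SRC with " max_conns=LIMIT" appended to the upstream server line.
# Return codes: 0 patched, 1 server line not found exactly once (layout differs),
#               2 LIMIT is not a non-negative integer, 3 SRC already sets max_conns.
add_max_conns() {
    src=$1; dst=$2; limit=$3
    # BRE for the end of the server line; [$] matches a literal dollar sign.
    anchor='fail_timeout={{ [$]server\.FailTimeout }}'

    case $limit in
        ''|*[!0-9]*) echo "LIMIT must be a non-negative integer" >&2; return 2 ;;
    esac

    if grep -q "$anchor max_conns=" "$src"; then
        echo "template already sets max_conns" >&2; return 3
    fi

    # Fail closed unless exactly one line matches the expected layout.
    count=$(grep -c "$anchor;" "$src" || true)
    if [ "$count" != 1 ]; then
        echo "expected 1 upstream server line, found ${count:-none}" >&2; return 1
    fi

    sed "s/\($anchor\);/\1 max_conns=$limit;/" "$src" > "$dst"
}
```

Run it against the nginx.tmpl copied out of the controller pod, then pass the patched file to the `kubectl create configmap` command from the answer.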